From e38f7ddc8fcf9609b26cd245e9bb7a128e63d0df Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 26 Apr 2023 22:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2022/45xxx/CVE-2022-45876.json | 94 ++++++++++++++++++++++++++++++++-- 2023/27xxx/CVE-2023-27107.json | 56 +++++++++++++++++--- 2023/29xxx/CVE-2023-29552.json | 5 ++ 3 files changed, 144 insertions(+), 11 deletions(-) diff --git a/2022/45xxx/CVE-2022-45876.json b/2022/45xxx/CVE-2022-45876.json index 433d17f16d7..3e34d02ed94 100644 --- a/2022/45xxx/CVE-2022-45876.json +++ b/2022/45xxx/CVE-2022-45876.json @@ -1,18 +1,102 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-45876", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.\n\n" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "VISAM", + "product": { + "product_data": [ + { + "product_name": "VBASE", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "11.7.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-05", + "refsource": "MISC", + "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-05" + }, + { + "url": "https://www.visam.com/kontakt.php", + "refsource": "MISC", + "name": "https://www.visam.com/kontakt.php" + }, + { + "url": "https://www.vbase.net/en/download.php", + "refsource": "MISC", + "name": "https://www.vbase.net/en/download.php" + } + ] + }, + "generator": { + "engine": "VINCE 2.0.7", + "env": "prod", + "origin": "https://cveawg.mitre.org/api/cve/CVE-2022-45468" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\nVISAM recommends users update to VBASE 11.7.5 or later. The update can \nbe performed via the VBASE Editor update dialog on machines with secure \naccess to the internet.  Users of machines without internet access must \nmanually update by submitting a request form  to receive a download link.

For more information, users should contact VISAM using the information provided on their contact page  (German language).

" + } + ], + "value": "VISAM recommends users update to VBASE 11.7.5 or later. The update can \nbe performed via the VBASE Editor update dialog on machines with secure \naccess to the internet. \u00a0Users of machines without internet access must \nmanually update by submitting a request form https://www.vbase.net/en/download.php \u00a0\u00a0to receive a download link.For more information, users should contact VISAM using the information provided on their contact page https://www.visam.com/kontakt.php \u00a0\u00a0(German language).\n\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "Kimiya, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA." + } + ] } \ No newline at end of file diff --git a/2023/27xxx/CVE-2023-27107.json b/2023/27xxx/CVE-2023-27107.json index 88b28619ebe..e386575595f 100644 --- a/2023/27xxx/CVE-2023-27107.json +++ b/2023/27xxx/CVE-2023-27107.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-27107", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-27107", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/smidtbx10/f8ff1c4977b7f54886c6a52e9ef4e816", + "refsource": "MISC", + "name": "https://gist.github.com/smidtbx10/f8ff1c4977b7f54886c6a52e9ef4e816" } ] } diff --git a/2023/29xxx/CVE-2023-29552.json b/2023/29xxx/CVE-2023-29552.json index ab519983a84..7c9c87d696d 100644 --- a/2023/29xxx/CVE-2023-29552.json +++ b/2023/29xxx/CVE-2023-29552.json @@ -78,6 +78,11 @@ "refsource": "MISC", "name": "https://github.com/curesec/slpload", "url": "https://github.com/curesec/slpload" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20230426-0001/", + "url": "https://security.netapp.com/advisory/ntap-20230426-0001/" } ] },